Apple has released iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2. These are updates that fix some minor bugs. The severity of one of the faults is quite significant.
The ImageIO bug described below has been exploited in the wild and can be used to install malicious software on an iPhone. Found by The Citizen Lab at The University of Torontoʼs Munk School, all it takes for the exploit to be installed is the receipt of an iMessage. You don’t even have to open the message. Once it’s received, the malware is activated.
Here’s what Apple has provided about what the updates specifically fix.
iOS 16.6.1 and iPadOS 16.6.1 fixes
ImageIO
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School
Wallet
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A validation issue was addressed with improved logic.
CVE-2023-41061: Apple
WatchOS 9.6.2 fixes
Wallet
Available for: Apple Watch Series 4 and later
Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A validation issue was addressed with improved logic.
CVE-2023-41061: Apple
How to update your device
If you’re updating iOS or iPadOS:
- Go to Settings and tap on General
- Open Software Update and your device will search for the most recent update you can install.
For watchOS
- Open the Watch app on your iPhone
- Tap on General and then open Software Update. If there’s an available update, it will appear.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.